An alert correlation approach based on security operator's knowledge and preferences

&
Journal of Applied Non-Classical Logics 20 (1-2):7-37 (2010)
  Copy   BIBTEX

Abstract

One of the major problems of intrusion detection concerns the large amount of alerts that intrusion detection systems (IDS) produce. Security operator who analyzes alerts and takes decisions, is often submerged by the high number of alerts to analyze. In this paper, we present a new alert correlation approach based on knowledge and preferences of security operators. This approach, which is complementary to existing ones, allows to rank-order produced alerts on the basis of a security operator knowledge about the system, used IDS and his preferences about alerts that he wants to analyze or to ignore. Our approach is based on the development of a new non-classical logic for representing preferences, called FO-MQCL (First Order - Minimal Qualitative Choice Logic). Our logic extends a fragment of the first order logic by adding a new logical connective. The general idea is to present only alerts that fully fit security operator's preferences and knowledge. And if needed, less preferred alerts can also be presented.

Categories

Keywords

Reprint years

DOI

10.3166/jancl.20.7-37

Links

PhilArchive



    Upload a copy of this work     Papers currently archived: 92,168

External links

Setup an account with your affiliations in order to access resources via your University's proxy server

Through your library

My notes

Similar books and articles

Where do preferences come from?Franz Dietrich & Christian List - 2013 - International Journal of Game Theory 42 (3):613-637.
Security, Knowledge and Well-being.Stephen John - 2011 - Journal of Moral Philosophy 8 (1):68-91.
A Money-Pump for Acyclic Intransitive Preferences.Johan E. Gustafsson - 2010 - Dialectica 64 (2):251-257.
Compositional belief update.James Delgrande & Francis Jeffry Pelletier - unknown
The psychology of reasoning about preferences and unconsequential decisions.Jean-François Bonnefon, Vittorio Girotto & Paolo Legrenzi - 2012 - Synthese 185 (S1):27-41.
Modeling consciousness.Frédéric Dandurand & Thomas R. Shultz - 2002 - Behavioral and Brain Sciences 25 (3):334-334.
From outcomes to acts: A non-standard axiomatization of the expected utility principle.Martin Peterson - 2004 - Journal of Philosophical Logic 33 (4):361-378.
An axiomatization of 'very' within systiems of set theory.Athanassios Tzouvaras - 2003 - Studia Logica 73 (3):413 - 430.
S5 knowledge without partitions.Dov Samet - 2010 - Synthese 172 (1):145 - 155.
Fibred Security Language.Guido Boella, Dov M. Gabbay, Valerio Genovese & Leendert Van Der Torre - 2009 - Studia Logica 92 (3):395 - 436.
W duchu Tarskiego: o alternatywach teorio-dowodowej metalogiki.Stanisław J. Surma - 1993 - Filozofia Nauki 1.
Isomorphism and legal knowledge based systems.T. J. M. Bench-Capon & F. P. Coenen - 1992 - Artificial Intelligence and Law 1 (1):65-86.

Analytics

Added to PP
2013-10-30

Downloads
20 (#770,420)

6 months
4 (#796,773)

Historical graph of downloads
How can I increase my downloads?

Citations of this work

No citations found.

Add more citations

References found in this work

Qualitative choice logic.Gerhard Brewka, Salem Benferhat & Daniel Le Berre - 2004 - Artificial Intelligence 157 (1-2):203-237.

Add more references